Indian Govt Warns of Apple iTunes and Google Chrome Vulnerabilities: Urges Quick Updates

The Indian government's Computer Emergency Response Team (CERT) has recently issued a cautionary advisory regarding potential security risks associated with Apple iTunes and Google Chrome applications for desktop computers. They've highlighted vulnerabilities that could be exploited by malicious actors, leading to unauthorized access to users' devices and sensitive information, including financial details.

CERT mentioned on its website, “A vulnerability has been reported in Apple iTunes which could be exploited by a remote attacker to execute arbitrary code on the targeted system. This vulnerability exists in Apple Product due to improper checks in CoreMedia component. A remote attacker could exploit this vulnerability by sending a specially crafted request. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the targeted system”.

Let's delve into the specifics, starting with iTunes. CERT identified a flaw within the 'CoreMedia' component of iTunes, allowing hackers to gain access to systems through specially crafted requests. This vulnerability affects users of iTunes on Windows systems prior to version 12.13.2. To mitigate this risk, CERT strongly recommends updating iTunes to the latest version available. Users can accomplish this by accessing the Help section within the iTunes application and selecting "Check for Updates."

Here's what Apple users can do to safeguard their systems:

- Update iTunes: CERT advises users to ensure they are running the latest version of iTunes, specifically version 12.13.2 or newer, to address the identified vulnerabilities. The update process can be initiated by navigating to the Help section within the iTunes application and selecting "Check for Updates." Following the provided prompts will guide users through the update procedure.

- Exercise Caution: While awaiting the update, users should remain vigilant against suspicious requests or messages encountered while using iTunes. Refrain from clicking on unfamiliar links or downloading files from untrusted sources, as hackers may attempt to exploit the vulnerability through deceptive means.

- Stay Informed: Keeping abreast of security advisories and updates from credible sources, such as Apple and organizations like CERT, is crucial. Regular monitoring of official announcements can help users understand the nature of the vulnerability and take appropriate measures to safeguard their devices.

- Implement Additional Security Measures: In addition to updating iTunes, users can bolster their device's security by adopting best practices such as using strong, unique passwords, enabling two-factor authentication, and utilizing reputable antivirus or security software to detect and mitigate potential threats.

Beyond Apple iTunes, CERT also identified vulnerabilities in Google Chrome, specifically within components known as Visuals and ANGLE. These flaws could be exploited by hackers to compromise user systems. One such vulnerability, labelled CVE-2024-4671, is reportedly already being exploited. To safeguard against such threats, users are advised to ensure they are using Chrome version 124.0.6367.201/.202 on Windows and Mac or version 124.0.6367.201 on Linux. To update Chrome, users can access the Help option and select "About Google Chrome" to check for and install any available updates.